QNAP Systems Inc.
Products
5- 10 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50387 | 0.02 | — | 0.10 | Dec 6, 2024 | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and… | |||
| CVE-2025-11837 | 0.00 | — | 0.01 | Jan 2, 2026 | An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover… | |||
| CVE-2025-62857 | 0.00 | — | 0.00 | Jan 2, 2026 | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and… | |||
| CVE-2025-52425 | 0.00 | — | 0.00 | Nov 7, 2025 | An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later | |||
| CVE-2025-58464 | 0.00 | — | 0.00 | Nov 7, 2025 | A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3… | |||
| CVE-2025-54154 | 0.00 | — | 0.00 | Oct 3, 2025 | An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version:… | |||
| CVE-2024-38642 | 0.00 | — | 0.00 | Sep 6, 2024 | An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following… | |||
| CVE-2023-47219 | 0.00 | — | 0.01 | Jan 5, 2024 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | |||
| CVE-2023-47559 | 0.00 | — | 0.00 | Jan 5, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | |||
| CVE-2023-47560 | 0.00 | — | 0.01 | Jan 5, 2024 | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | |||
| CVE-2023-41285 | 0.00 | — | 0.01 | Nov 10, 2023 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | |||
| CVE-2023-41284 | 0.00 | — | 0.01 | Nov 10, 2023 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | |||
| CVE-2023-39295 | 0.00 | — | 0.02 | Nov 10, 2023 | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later | |||
| CVE-2021-28805 | 0.00 | — | 0.00 | Jun 11, 2021 | Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on… | |||
| CVE-2021-28801 | 0.00 | — | 0.01 | Jun 11, 2021 | An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on… | |||
| CVE-2020-36198 | 0.00 | — | 0.01 | May 13, 2021 | A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue… |
- CVE-2024-50387Dec 6, 2024risk 0.02cvss —epss 0.10
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and…
- CVE-2025-11837Jan 2, 2026risk 0.00cvss —epss 0.01
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover…
- CVE-2025-62857Jan 2, 2026risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and…
- CVE-2025-52425Nov 7, 2025risk 0.00cvss —epss 0.00
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later
- CVE-2025-58464Nov 7, 2025risk 0.00cvss —epss 0.00
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3…
- CVE-2025-54154Oct 3, 2025risk 0.00cvss —epss 0.00
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version:…
- CVE-2024-38642Sep 6, 2024risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following…
- CVE-2023-47219Jan 5, 2024risk 0.00cvss —epss 0.01
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-47559Jan 5, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-47560Jan 5, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-41285Nov 10, 2023risk 0.00cvss —epss 0.01
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
- CVE-2023-41284Nov 10, 2023risk 0.00cvss —epss 0.01
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
- CVE-2023-39295Nov 10, 2023risk 0.00cvss —epss 0.02
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later
- CVE-2021-28805Jun 11, 2021risk 0.00cvss —epss 0.00
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on…
- CVE-2021-28801Jun 11, 2021risk 0.00cvss —epss 0.01
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on…
- CVE-2020-36198May 13, 2021risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue…